Biometric device, system, and method for individual access control

ABSTRACT

A biometric device, and a corresponding system and a method, is used to control human access to an arbitrary area. The device includes a biometric capture system that reads specified biometric information from an individual and that compares the biometric information to previously stored biometric information to determine a match between the read and stored biometric information; a position location system that records the geographic location of the device, and determines if the device is inside the United States or outside the United States; an encryption system that encrypts the geographic location and a device-unique identification; and a wireless system that sends the encrypted geographic location and the device-unique identification to a remote location, where if the geographic location is inside the United States, the device receives a test satisfactory signal, and where if the geographic location is outside the United States, the device receives an exit satisfactory signal.

RELATED APPLICATION(S)

This application claims priority from U.S. Provisional Application No.61/193,627 filed on Dec. 11, 2008.

TECHNICAL FIELD

The technical field is devices, systems, and methods for controllingaccess of individuals to specific facilities and areas.

BACKGROUND

Private and government entities may, from time to time, desire to limitor otherwise control access, by specific individuals, to certainfacilities or geographical areas. One means for controlling accessbegins with identifying individuals whose access is to be limited, andthen issuing these individuals some form of entry device, where such adevice may include a hard copy (i.e., paper) pass, a key, or a magneticcard, for example. Such entry devices may include an expirationmechanism (e.g., on a paper pass, simply a stated expiration date). Someof these devices may provide a signal when the individual (or at leastthe entry device) has left the facility or geographical area underaccess control (for example, a magnetic card reader can read an entryand an exit of a magnetic card, and such entry and exit may berecorded). However, these entry devices have serious drawbacks, not theleast of which includes the possibility of obtaining fraudulent devices.

A specific example of using entry devices to control access togeographical areas is the US-VISIT program, operated by the U.S.Department of Homeland Security (DHS), in cooperation with other Federalagencies. The US-VISIT program operates as a means for enhancingsecurity and safety of U.S. citizens by controlling the entry and exitof certain individuals into and out of the United States. The US-VISITcurrently applies to all international visitors (with limitedexemptions) entering the United States. One aspect of US-VISIT is theuse of biometric data as part of the entry procedures for internationalvisitors holding a non-U.S. passport or visa. The US-VISIT programprovides visa-issuing posts and ports of entry with the biometrictechnology that enables the U.S. government to establish and verify anindividual's identity when visiting the United States. In many cases,this process begins overseas at a U.S. visa issuing post, where theindividual's biometrics—digital fingerprints and a photograph—arecollected and checked against a watch list of known criminals andsuspected terrorists. When the individual arrives at a U.S. port ofentry (POE), a U.S. Customs and Border Protection officer will scan upto ten fingerprints from the international visitor and take thevisitor's photograph with a digital camera. These data are collected sothat DHS can verify that the individual at the U.S. POE is the sameindividual who received the visa.

During the pre-entry process, and upon arrival at the Untied States,biometric data are collected because, unlike names and dates of birth,which can be changed, biometrics are unique and virtually impossible toforge. Collecting biometrics helps the U.S. government preventindividuals from using fraudulent documents to enter the United Statesillegally.

However, the US-VISIT program does not have an automated, easy to use,yet reliable means for determining when an international visitor hasexited the United States. Currently, international visitors are requiredto complete a DHS Form I-94 (Arrival-Departure Record) to complete theU.S. entry-exit process. Using biometric data to confirm U.S.-exist ofan international visitor will further enhance U.S. safety and security.

SUMMARY

Disclosed is a biometric device useable to control human access to anarbitrary area. The device includes a biometric capture system thatreads specified biometric information from an individual and thatcompares the biometric information to previously stored biometricinformation to determine a match between the read and stored biometricinformation; a position location system that records the geographiclocation of the device, and determines if the device is inside theUnited States or outside the United States; an encryption system thatencrypts the geographic location and a device-unique identification; anda wireless system that sends the encrypted geographic location and thedevice-unique identification to a remote location, wherein if thegeographic location is inside the United States, the device receives atest satisfactory signal, and wherein if the geographic location isoutside the United States, the device receives an exit satisfactorysignal.

DESCRIPTION OF THE DRAWINGS

The detailed description will refer to the following drawings in whichlike numerals refer to like items, and in which;

FIG. 1 illustrates an exemplary biometric device that may be used aspart of the US-VISIT program to control access of international visitorsinto the United States;

FIG. 2 is an exemplary block diagram of selected components of thebiometric device of FIG. 1;

FIG. 3 illustrates an exemplary, system that uses the device of FIG. 1to control access into the United States;

FIG. 4 is a flowchart illustrating an exemplary operation of the deviceof FIG. 1; and

FIG. 5 is a further flowchart illustrating other exemplary operations ofthe device of FIG. 1.

DETAILED DESCRIPTION

The U.S. Department of Homeland Security (DHS), in cooperation withother

Federal agencies, administers the US-VISIT program, which is designed toenhance safety and security for U.S. citizens and international visitorswhile facilitating legitimate travel and trade across U.S. borders.US-VISIT helps to secure U.S. borders, facilitate the entry and exitprocess, and enhance the integrity of the immigration system whilerespecting the privacy of international visitors to the United States.

US-VISIT is part of a continuum of security measures that beginsoverseas and continues through an international visitor's arrival to anddeparture from the United States. US-VISIT incorporates eligibilitydeterminations made by both the Departments of Homeland Security andState.

In those cases where a visa is issued by the Department of State,biometrics such as digital, inkless fingerscans and digital photographsallow the DHS to determine whether an individual trying to enter theUnited States is the same individual who was issued a visa by theDepartment of State. Additionally, the biometric data are checkedagainst watch lists, improving the DHS's ability to make admissibilitydecisions as well as the Department of State's ability to make visadeterminations. To perform these functions, the DHS operates a centralserver or equivalent processor and maintains a number of databases,including ADIS/IDENT. Included in these databases are visitor travelrecords and other data related to each international traveler whom mayenter the United States, or who is in the United States.

US-VISIT currently applies to all visitors (with limited exemptions)holding non-immigrant visas, regardless of country of origin.

Among all the biometric techniques, fingerprint-based identification isthe oldest method, and has been used successfully in numerousapplications. Everyone is known to have unique, immutable fingerprints.A fingerprint is made of a series of ridges and furrows on the surfaceof the finger. The uniqueness of a fingerprint can be determined by thepattern of ridges and furrows as well as the minutiae points. Minutiaepoints are local ridge characteristics that occur at either a ridgebifurcation or a ridge ending.

A critical step in automatic fingerprint matching is to automaticallyand reliably extract minutiae from the input fingerprint images.However, the performance of a minutiae extraction algorithm reliesheavily on the quality of the input fingerprint images. To enhance theperformance of an automatic fingerprint identification/verificationsystem a fingerprint enhancement algorithm may be used with the minutiaeextraction algorithm. Fast fingerprint enhancement algorithms exist thatcan adaptively improve the clarity of ridge and furrow structures ofinput fingerprint images based on the estimated local ridge orientationand frequency. These and other techniques can be used to improveminutiae extraction and, correspondingly, the accuracy of a fingerprintverification system.

In an improvement over current US-VISIT systems and methods, describedherein is an entry/exit biometric device, and accompanying system andmethod, for controlling access to the United States. As one of ordinaryskill in the art will appreciate, the inventive concepts embodied in thebiometric device, method, and system can be extended to access controlfor other countries, to specific geographic regions, and to specificfacilities (e.g., buildings).

FIG. 1 illustrates an exemplary biometric device 100 that may be used aspart of the US-VISIT program. The device 100 includes housing 110, whichmay be of a size of a current cell phone, for example. To protect theintegrity of data stored on the device 100, the housing 110 may includecertain tamper-resistant features to prevent unauthorized opening of thedevice 100. One such feature may include a disable feature thatpermanently disables the device 100 should the housing 110 be opened inan unauthorized manner. Another feature may simple erase any stored dataand programs should the housing 110 be tampered with. The device 100includes a status section 120. The status section 120 includes amultipurpose indicator 121 that may be used to indicate a satisfactorytest of the device, and for other purposes such as indicating successfulcapture of biometric data, for example; an exit verification indicator122; a wireless connectivity indicator 123; and a power indicator 124.The multipurpose indicator 121 may be a LCD or equivalent device, andmay present an appropriate text message, icon, or other equivalentmessage formatted signal. The multipurpose indicator 121 may be usedwhen testing the device 100 to indicate that the test was successful,and may be used to indicate satisfactory capture of biometricinformation. The exit verification indicator 122 is similar to themultipurpose indicator 121, and may be used to indicate a successfulexit from the United States. The wireless connectivity indicator 123indicates when the device 100 is able to send and receive wirelesscommunications in a satisfactory manner (e.g., sufficient signalstrength). The power indicator 124 indicates when the device 100 ispowered on and when the device 100 has sufficient power to operate andperform its intended functions.

The device 100 further include a scanning window 130 which mayoptionally include a status window or touch screen control panel 132.The scanning window 130 is used to record biometric information, such asfingerprint information, from the device user (i.e., an internationaltraveler entering/exiting the United States). To operate the scanningwindow 130, the international visitor simply places a finger on thescanning window surface. The visitor's fingerprint is scanned quickly.If the fingerprint data are successfully captured, the panel 132presents a capture ok message (text message, icon, or other equivalentmessage format) to the international visitor. Alternately, the biometricdata capture ok message may be presented by multipurpose indicator 121.

Finally, the device may include a microphone/speaker 135 to allow verbalcommunications between the device 100 and a device user, and an on/offswitch 140. The on/off switch 140 is used to power up the device 100from an internal power supply. The microphone 135 may be used inaddition to or in lieu of the status panel indicators and status panel132 to provide information to the international visitor (in a languageappropriate to that visitor) and to receive commands from that visitor.

Although the above description describes that capture of only onefingerprint from the international visitor, the device 100 may be set torequire capture of fingerprint data from more than one finger. In thissituation, the device 100 may indicate, verbally (microphone 135) orvisually (panel 132) which specific finger is to be scanned (e.g., indexfinger, left hand) or simply that any three fingers, for example, are tobe scanned.

To provide the functionality shown in FIG. 1, the device 100incorporates certain internal components for recording data, processingthe data, storing the data, and communicating with external devices.FIG. 2 is an exemplary block diagram of certain internal components ofthe device 100. When one of the internal components of the device 100 isdesigned to execute a processing function, that component may beembodied as software, hardware, or firmware. Furthermore, thearrangement of components in the device 100 is not meant to be limiting,and many of the processing and data storage functions of the device 100may be combined or divided among the components shown or among other,similar components.

As shown in FIG. 2, the device 100 includes wireless system 151, GPStransceiver 153, biometric capture system 155, power supply 157, CPU &RAM 161, and data store 163. The wireless system 151 may incorporateavailable cell phone technology except that the technology would enablethe device 100 to send/receive in the United

States and outside the United States. Each device 100 is programmed toplace one call, and one call only, namely to a DHS central server (seeFIG. 3) for testing (inside U.S.) and exit verification (outside theU.S.) functions. Should the wireless system 151 not be able to access asignal sufficient to allow two-way communications from the device 100 tothe central server, the wireless system 151 will send an appropriatesignal to de-activate the wireless connectivity indicator 123 (FIG. 1).

The GPS transceiver 153 communicates with an appropriate GPS satelliteand GPS system to provide current latitude and longitude information forthe device 100 to the DHS central server, or other appropriate location.In an embodiment, this GPS function is activated only after asatisfactory biometric capture (test or exit) and, when biometriccomparison is executed on the device 100, a comparison satisfactorycheck of the international visitor's biometric information.

The biometric capture system 155 is used to scan a visitor'sfingerprint(s), send the fingerprint information to the data store 163,when the device 100 is used to store such information, compare thecaptured fingerprint information to fingerprint information alreadystored in the data store 163, and generate a capture ok signal and acompare ok signal, as appropriate, to enable display of a correspondingmessage to the international visitor, to initiate a GPS location step ofthe device 100, and as an initial step in generating an exitsatisfactory signal to be sent to the DHS central server.

The biometric capture system 155 may be configured and programmed toscan and record minutiae data from any number of fingers of theinternational visitor. In one embodiment, the system 155 may randomlyinstruct the visitor which finger(s) to scan. For example, the system155 may randomly instruct the visitor to scan the left index finger. Inanother embodiment, the system 155 may instruct the visitor to scanfewer than ten fingers (e.g., three fingers) without specifying whichfingers. In still another alternative, the system 155 may accept any onefinger for scanning purposes. Finally, the system 155 may require thevisitor to can all ten fingers. With any of these alternatives, thesystem 155 will identify the finger scanned and compare the recordedminutiae information to corresponding information stored on the deviceby way of a minutiae template. Alternatively, the system 155 willprepare the finger scan data for transmission to the DHS central serverfor minutiae extraction and verification. In yet another alternative,the system 155 extracts the minutiae and finger identity and preparesthese data for transmission to the DHS central server for verificationpurposes.

The power supply 157 may be any appropriate energy storage, control, anddistribution device, including, for example, a rechargeable lithiumbattery. Alternatively, the power supply may be a non-rechargeable (butreplaceable) battery. Unless the international visitor repeatedly teststhe device 100, or, has an extended stay within the United States, anon-rechargeable battery should be adequate for testing and exitprocedures.

The CPU & RAM 161 includes the algorithms, instruction, and routinesneeded to complete operation of the device 100, include its many displayand messaging features. The CPU & RAM 161 operates in conjunction withthe other components of the device 100 to test operation of the device(in the U.S.) and to send an exit satisfactory signal (outside the U.S.)to the DHS central server. The CPU & RAM 161 also contains the routinesneeded to encrypt data to be sent from the device 100 to the DHS centralserver. Such encryption may include a time-based encryption technologyand be based on a unique key, defined in the international visitor'stravel record, for the device 100. In an embodiment, the information tobe encrypted is the latitude and longitude of the device 100 and thedevice-unique identification only.

The data store 163, as noted above, may store fingerprint information.In an embodiment, the data store 163 stores a fingerprint template,comprising fingerprint minutiae for subsequent comparison to minutiaeextracted from a fingerprint scan taken during a test (U.S.) or exit(outside the U.S.). The data store 163 also stores fingerprint scan datataken during a test or exit for comparison with the fingerprinttemplate. Both the stored fingerprint template and the fingerprint scandata may be stored as encrypted data to prevent possible compromise ofthese data. This encryption prevents the international visitor or otherperson from altering and then restoring the data and prevents otherindividuals from accessing the international visitor's biometric datafor any reason. The data store 163 also stores the device's uniqueidentification. Finally, the data store 163 stores, on a temporarybasis, the GPS location of the device 100. This GPS location temporarystorage is completed coincident with a device test procedure and an exitverification procedure. No other personally identifiable information isstored on the device 100, thereby protecting the US-VISIT databases andthe privacy of the international visitor.

FIG. 3 illustrates an exemplary system 200 for controlling access byinternational visitors to the United States. The system 200 includesmultiple biometric collection systems 210, which may be located outsidethe United States, typically at a U.S. visa issuing facility such as aU.S. consulate. A system 210 communicates with DHS central server 220,or similar server, which is located within the United States. Inoperation, an international visitor applying for entry into the UnitedStates visits a U.S.

consulate, or similar location, where the system 210 is used to capturebiometric information (e.g., all ten fingerprints and a photograph takenby a digital camera). The biometric information are then sent from thesystem 210 to the DHS central server 220, where the data are compared tobiometric information from lists of known or suspected terrorists andother undesirable individuals. This initial (at the POE) comparison mayresult in denial of a visa. The comparison, alternatively, may becarried out in whole or in part at another facility (e.g., at the FBI)coupled to the DHS server 220.

The system 200 also includes biometric collection systems 230 located atU.S. points of entry (POE). When an international visitor arrives at thePOE, that visitor's biometric is obtained, again, and the data are sentto the DHS central server 220 to verify that the international visitorat the POE is in fact the same individual as was at the U.S. consulateapplying for a visa. If the data do not match, the international visitoris denied entry into the United States. Alternatively, the comparisonmay be conducted at the POE.

At attempted entry, if the data match, the international visitor isprovided with a uniquely-identifiable biometric device 100. As shown inFIG. 3, the device 100 may, in an embodiment, be loaded into a dockingstation 235, and the international visitor's biometric information isloaded into the device 100. The international visitor then testsoperation of the device 100, and maintains the device 100 until sometime subsequent to exit from the United States. Note that operation ofthe device 100 within the United States constitutes a test of the device100, while operation of the device 100 outside the Untied Statesconstitutes an exit (or attempted exit).

As noted above, in an embodiment, the device 100, operating within thesystem 200 of FIG. 3 is used to store and compare visitor biometricdata. Thus, for either a test procedure or an exit procedure, nopersonally identifiable information related to the international visitorwill be transmitted from the device 100. Instead, only the devices'geographical position (latitude and longitude) and device identifier,are transmitted from the device 100. Even so, both the geographicposition and the device identifier are encrypted prior to transmissionfrom the device 100. Also, as noted above, in an embodiment, both thetest procedure and the exit procedure will not proceed to the pointwhere the encrypted data are transmitted from the device 100 if thebiometric scan (Capture and/or comparison) is not successful. Inaddition, if a wireless signal (e.g., cellular) is not available, or ifthe device 100 lacks sufficient power to operate, including collectionand transmission of geographic location data, then neither the testprocedure nor the exit procedure can be successful. Thus, theinternational visitor should expect to test operation of the device 100at least upon receipt o the device as the U.S. POE, and again beforeinitiating a U.S. exit. This is so because a successful exit signal maybe a precondition for a subsequent visit to the United States.

The device 100, and corresponding system 200, may be used for anyentry/exit mode, including land entry and exit, seaborne entry and exit,and airborne entry and exit. Furthermore, the US-VISIT program is notintended as a mechanism to arrest or detain any exiting internationalvisitor. Accordingly, the exit procedure need not be completed inreal-time, near real-time, or otherwise coincident with a physical exit.Instead, the exit procedure merely is intended to verify that a specificinternational visitor has left the United States. However, the exitprocedure should be completed as expeditiously as possible.

At the point of exit, using the device 100 will not cause or require anychange from current exit procedures. Specifically, use of the device 100will not require separate collection or verification of any biometricdata or other personal data from the international visitor. Instead, theinternational visitor need not use the device 100 to execute thedevice's exit procedure until well clear of the point of exit. Indeed,as noted above, activation and use of the device 100 while within theborders of the United States merely will result in a device testprocedure being invoked and completed.

When exiting the United States, or after exiting, when outside theUnited States, the international visitor will use the device 100 totransmit an exit verification. The international visitor turns thedevice 100 on; observes the light display or status window for a messageindicating sufficient battery power for transmission; sees that awireless signal is available; and applies one or more fingers to thedevice 100. The device 100 indicates whether a good quality biometricdata (e.g., a fingerprint) has been scanned or otherwise captured by thedevice 100, and subsequently verified; indicates when a wireless callhas been initiated; and advises that the call is connected. Finally, thedevice 100 indicates the result of the exit verification and,subsequently that the device 100 has been disabled.

If the device 100 does not display an exit acknowledgement, the device100 will retry until successful or until turned off. If a satisfactoryexit verification is not received within a few hours of the actual exit,or if the device 100 does not have sufficient battery power tosuccessfully complete the exit procedure, then the international visitorwill be prompted by to contact a US-VISIT exit hotline and/or submit thedevice 100 in person at an appropriate embassy or consular location torecord the exit.

Upon successful exit, the device 100 is no longer needed by theinternational visitor, and the device 100 may, accordingly, be shut downand disabled. The international visitor may then return the disableddevice 100 to a U.S. visa grating facility (U.S. consulate) or returnthe device 100 to DHS or a DHS agent by mail, for example.

Should the international visitor lose the device 100, then the sameinternational visitor will be required to resubmit the same biographicdata supported by official travel documents and identity verification bybiometric record checks as at entry. Should the device 100 fail tooperate properly while the international visitor is within the UnitedStates, then the international visitor may have to travel to areplacement service point to obtain a replacement device 100.

The device 100 is designed to be simple to operate and easy tounderstand. The device 100 incorporates, as noted above, a simple on/offswitch; displays of wireless connectivity, battery power level,acceptable fingerprint capture, call connection and data transmission inprogress, exit verification successful, device test successful; and afingerprint reader/scanner. The device 100 may have its uniqueidentifier displayed on the screen 130, or printed on the case 110.

To test the device 100, the international visitor, while within the U.S.borders, turns the device 100 on, checks to ensure that battery powerand wireless connectivity are sufficient, and then places one or morefingers (sequentially) on the device scanning window. The device 100should then provide a capture ok indication followed by a compare ok anda test ok indication. To complete the test, the device 100, reads thefingerprint data, compares the read fingerprint data to a correspondingminutiae template stored on the device 100, and if the read fingerprintdata and the template provide a match, signals a capture ok and compareok to the international visitor, and enables the GPS transceiver 153 todetermine the GPS location of the device 100. The GPS location and thedevice identification are then encrypted and the encrypted data sent tothe DHS central server 220. The DHS central server 220 receives thetransmitted, encrypted GPS and device identification data, decrypts thedata, determines that the GPS location is within the United States, anddetermines if the device identification matches that contained in theinternational visitor's travel records. If the device identificationdoes not match, then the DHS central server 220 sends a signal to thedevice 100 that will deactivate the device 100 and disconnect thewireless connection to the DHS central server 220. If the deviceidentification does match the device identification data contained inthe international visitor's travel records, the DHS central server 220returns an acknowledgement to the device 100 and disconnects thewireless connection between the device 100 and the DHS central server220. The device 100 then provides the test ok indication to theinternational visitor.

The exit procedure using the device 100 is similar to that of the testprocedure, except that the international visitor is outside the U.S.border. As a result, when the DHS central server 220 receives anddecrypts the encrypted GPS location data, the DHS central server 220determines that an exit verification procedure is in progress. If thedevice identification check is satisfactory, the DHS central server 220updates the international visitor's travel records with the date andtime of exit and with the GPS data, and sets the visitor's status toexit verified. The DHS central server 220 then sends a signal to thedevice 100 to provide an exit ok indication to the internationalvisitor, to disable the device 100, and to disconnect the wirelessconnection between the device 100 and the DHS central server 220.

In the above description of the device 100, the biometric verificationis conducted at and by the device 100, and no biometric data aretransmitted outside the device 100 during either a test or an exitprocedure. In another embodiment, however, the device 100 may be used tocapture, encrypt, and transmit such biometric information to the DHScentral server 220, and the DHS central server 220 then executes thebiometric verification. While this alternative embodiment requirestransmission of personal biometric data, such data would be transmittedas encrypted. Using the DHS central server 220 to perform the biometricverification provides specific advantages over a local biometricverification. First is that the visitor's biometric information need notbe stored on the device 100. Second, the DHS server 220 need onlyperform a simple 1:1 verification rather than a full database search sothat little time is required to complete the verification. Third, shouldthe biometric check fail at the DHS server 220, other routines may beexecuted or used to verify the biometric data, including initiating afingerprint search of the entire DHS database (or other fingerprintdatabase), or review by a human fingerprint examiner.

The above description refers to the extraction and use of fingerprintminutiae for verifying a visitor's identity. Obtaining this minutiaedata from a fingerprint is a complex process involving sophisticatedimage processing algorithms to find the minutiae points with highreliability. While such processing may be conveniently performed at theDHS central server 220, or at the POE when the international visitorfirst enters the United States, or prior to entry, upon application fora visa, performing such processing on the device 100 (during a test orexit) will require the device 100 to be loaded with the same orequivalent minutiae extraction routines, and will require the device 100to be supplied with greater processing power than if the minutiaeextraction were instead performed at the DHS central server 220. Thus,in an embodiment, the system 200 uses the device 100 to scan a singlefingerprint, encrypt and compress the fingerprint data, and to send thecompressed, encrypted fingerprint scan to the DHS central server 220,where the scan is decompressed, decrypted, and processed through aminutiae extraction algorithm form comparison to a minutiae templatestored with the international visitor's travel records at the DHScentral server 220.

However, use of minutiae at the device 100 level has its advantages.Notably, a minutiae file is perhaps 2 percent of the size of acorresponding fingerprint file. This makes transmission of minutiae datamuch faster and easier than fingerprint data. Thus, if biometricverification is performed at the DHS central server 220, transmittingminutiae data as opposed to fingerprint data has its advantages.

The success of the device 100 in providing an exit verification for aparticular international visitor depends on many factors, including thequality of biometric data captured during the exit process. In analternative embodiment, the device 100 may incorporate an adjustablethreshold feature in the minutiae comparison algorithm so that, uponentry of the international visitor, the threshold may be adjusted by theU.S. Customs and Border Protection officer (e.g., during initial testingof the device 100) so that during subsequent testing and the exit, asatisfactory match will be obtained.

FIG. 4 is a flowchart illustrating an exemplary test/exit routineexecuted by the device 100. FIG. 5 is a flowchart illustratingadditional, exemplary test/exit routines of the device 100.

In the preceding description, the device 100 and system 200 are used aspart of the US-VISIT program. However, as noted above, such devices andsystems may be used to control human access to virtually any geographicarea (including and arbitrarily-defined area) or facility. Furthermore,the device 100 and system 200 may use biometric data other thanfingerprint data.

1. A biometric device useable to control human access to an arbitraryarea, comprising: a biometric capture system that reads specifiedbiometric information from an individual and that compares the biometricinformation to previously stored biometric information to determine amatch between the read and stored biometric information; a positionlocation system that records the geographic location of the device, anddetermines if the device is inside the United States or outside theUnited States; an encryption system that encrypts the geographiclocation and a device-unique identification; and a wireless system thatsends the encrypted geographic location and the device-uniqueidentification to a remote location, wherein if the geographic locationis inside the United States, the device receives a test satisfactorysignal, and wherein if the geographic location is outside the UnitedStates, the device receives an exit satisfactory signal.
 2. Thebiometric device of claim 1, wherein the biometric capture system uses aminutiae extraction algorithm to read the specified biometricinformation.
 3. The biometric device of claim 1, further comprising ahousing enclosing the biometric device, wherein the housing includestamper-resistant features to prevent unauthorized opening of thebiometric device.
 4. The biometric device of claim 3, wherein thetamper-resistant features include a disable feature that permanentlydisables the biometric device should the housing be opened in anunauthorized manner.
 5. The biometric device of claim 3, wherein thetamper-resistant features include a disable feature that erases anystored data and programs should be housing be tampered with.
 6. Thebiometric device of claim 1, further comprising one or more of amultipurpose indicator that indicates a satisfactory test of thebiometric device, an exit verification indicator that indicates asuccessful exit from the United States, a wireless connectivityindicator that indicates when the biometric device is able to send andreceive wireless communications in a satisfactory manner, and a powerindicator that indicates when the biometric device is powered on andwhen the biometric device has sufficient power to operate and performits intended functions.
 7. The biometric device of claim 1, furthercomprising a scanning window that records the specified biometricinformation from the individual.
 8. The biometric device of claim 7,wherein the scanning window includes a status window or a touch screencontrol panel.
 9. The biometric device of claim 1, further comprising amicrophone/speaker to allow verbal communications between the biometricdevice and the individual.
 10. The biometric device of claim 1, whereinthe biometric capture system is set to require capture of fingerprintdata from more than one finger.
 11. The biometric device of claim 10,wherein the biometric capture system indicates which specific finger(s)is to be scanned.
 12. The biometric device of claim 10, wherein thebiometric capture system randomly instruct the individual whichfinger(s) to scan.
 13. The biometric device of claim 10, wherein thebiometric capture system identifies the finger scanned and compare thebiometric information to the previously stored biometric information todetermine a match.
 14. The biometric device of claim 1, wherein thebiometric capture system extracts minutiae and finger identity andprepares the minutiae and the finger identity for transmission to acentral server for verification purposes.
 15. The biometric device ofclaim 1, wherein the biometric device is shut down and disabled uponreceiving the exit satisfactory signal.
 16. The biometric device ofclaim 1, wherein the biometric device transmits the biometricinformation to a central server that compares the biometric informationto the previously stored biometric information.
 17. The biometric deviceof claim 16, wherein the biometric device transmits minutiae data asopposed to fingerprint data to the central server.
 18. A method forcontrolling human access to an arbitrary area, the method being executedby a computer comprising a processor and a memory and comprising:reading specified biometric information from an individual using abiometric device; comparing the biometric information to previouslystored biometric information to determine a match between the read andstored biometric information; recording the geographic location of thedevice; determining if the device is inside the United States or outsidethe United States; encrypting the geographic location and adevice-unique identification; sending the encrypted geographic locationand the device-unique identification to a remote location; if thegeographic location is inside the United States, sending a testsatisfactory signal to the device; and if the geographic location isoutside the United States, sending an exit satisfactory signal to thedevice.
 19. The method of claim 18, further comprising transmitting thebiometric information to a central server that compares the biometricinformation to the previously stored biometric information.
 20. Themethod of claim 19, further comprising transmitting minutiae data asopposed to fingerprint data to the central server.